This blog is about understanding, auditing, and addressing risk in cloud environments. Systems and architectures are rapidly converging, hiding complexity with additional layers of abstraction. Simplicity is great for operations - as long as risks are understood and addressed.

Tuesday, February 18, 2014

100 percent of companies have systems calling malicious malware hosts. Investigations of multinational companies show evidence of internal compromise. Suspicious traffic is emanating from their networks and attempting to connect to questionable sites.

Threats grow: 14 percent year over year – new alerts

Market verticals: The rate of malware goes up or down as the value of a particular vertical’s goods and services rises or declines.

37 billion “intelligent things” connected to the Internet by 2020.

Old blogs and idle domains: Millions of abandoned blogs and purchased domains sitting idle, and many of them are probably now owned by cybercriminals. Cisco security experts predict the problem will only worsen as more and more people in emerging Internet markets around the globe establish a blog or a website, only to let it languish later.

Making noise: DDoS attacks are increasingly being used to conceal other nefarious activity, such as wire fraud before, during, or after a campaign

Talent shortage: It’s estimated that by 2014, the industry will still be short more than a million security professionals across the globe.

Cloud computing: For smaller organizations or those with budget constraints, a well-protected and well-managed cloud service can offer more security safeguards than a business’s own servers and firewalls.

76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7. Java 6 is a previous version that has reached its end of life and is no longer supported.